﻿using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;

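/// <summary>
/// Code-behind for the login page. Authenticates a user from the login form or
/// from the "UserInfo" remember-me cookie and redirects to ssss.aspx on success.
/// </summary>
/// <remarks>
/// NOTE(review): the remember-me cookie still carries the user's password in
/// clear text (the original author's comment already noted the missing
/// encryption). It should be replaced by a random, server-side-revocable token;
/// that needs storage this file does not show, so it is flagged here, not changed.
/// NOTE(review): the session identifier is not renewed after a successful login;
/// consider issuing a fresh session id to limit session fixation.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    /// <summary>
    /// Skips the login form when a session already exists or when the
    /// remember-me cookie holds valid credentials; otherwise shows the
    /// failure message when the "lo" parameter is present.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["uid"] != null)
        {
            Response.Redirect("ssss.aspx");
        }
        else if (Request.Cookies["UserInfo"] != null)
        {
            // Original note: "missing encryption". Only uname/upw are read back and
            // re-checked against the database; the uid/urole cookie values are
            // client-controlled and must never be trusted directly.
            HttpCookie remembered = Request.Cookies["UserInfo"];
            if (authentication(remembered["uname"], remembered["upw"]))
            {
                Response.Redirect("ssss.aspx");
            }
        }
        else if (Request.Params["lo"] != null)
        {
            lblError.Text = "登录失败！";
        }
    }

    /// <summary>
    /// Handles the login button: authenticates the submitted credentials,
    /// optionally issues the remember-me cookie, then redirects.
    /// </summary>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        if (authentication(loginForm.UserName, loginForm.Password))
        {
            // FindControl returns null when the control is absent; treat that as "not checked".
            CheckBox rm = loginForm.FindControl("RememberMe") as CheckBox;
            if (rm != null && rm.Checked)
            {
                HttpCookie objCookie = new HttpCookie("UserInfo");
                Response.Cookies.Remove("UserInfo");

                // Convert.ToString yields "" for null. Session["urole"] is not set by
                // authentication() in this file, so a direct .ToString() could throw.
                objCookie.Values.Add("uid", Convert.ToString(Session["uid"]));
                objCookie.Values.Add("uname", Convert.ToString(Session["uname"]));
                // NOTE(review): clear-text password in a 15-day cookie; see class remarks.
                objCookie.Values.Add("upw", loginForm.Password);
                objCookie.Values.Add("urole", Convert.ToString(Session["urole"]));

                objCookie.Expires = DateTime.Now.AddDays(15);

                // Keep the credential cookie away from script and, on HTTPS, off plain HTTP.
                objCookie.HttpOnly = true;
                objCookie.Secure = Request.IsSecureConnection;

                Response.AppendCookie(objCookie);
            }

            // "add" is a caller-supplied return URL; only follow it when it stays on
            // this site, otherwise fall back to the default landing page.
            string returnUrl = Request.Params["add"];
            if (IsLocalRedirectTarget(returnUrl))
            {
                Response.Redirect(returnUrl);
            }
            else
            {
                Response.Redirect("ssss.aspx");
            }
        }
        else
        {
            Response.Redirect("Default.aspx?lo=0");
        }
    }

    /// <summary>
    /// Returns true when <paramref name="url"/> is a site-relative target:
    /// no scheme, no protocol-relative prefix, no backslashes, no control
    /// characters and no leading whitespace.
    /// </summary>
    private static bool IsLocalRedirectTarget(string url)
    {
        if (string.IsNullOrEmpty(url) || char.IsWhiteSpace(url[0]))
        {
            return false;
        }

        foreach (char c in url)
        {
            // Browsers treat '\' like '/', and control characters confuse header/URL parsing.
            if (c == '\\' || char.IsControl(c))
            {
                return false;
            }
        }

        // "//host/..." is protocol-relative and leaves the site.
        if (url.StartsWith("//", StringComparison.Ordinal))
        {
            return false;
        }

        // A ':' before the first '/', '?' or '#' means the value carries a scheme
        // (http:, javascript:, ...), i.e. it is not a relative reference.
        int colon = url.IndexOf(':');
        int delimiter = url.IndexOfAny(new char[] { '/', '?', '#' });
        if (colon >= 0 && (delimiter < 0 || colon < delimiter))
        {
            return false;
        }

        return true;
    }

    /// <summary>
    /// Checks a user name / password pair against the user00 table and, on a
    /// single matching row, stores the user's id and name in the session.
    /// </summary>
    /// <param name="un">User name as submitted (form field or cookie value).</param>
    /// <param name="pw">Password as submitted (form field or cookie value).</param>
    /// <returns>True when exactly one row matches; false otherwise or on error.</returns>
    protected bool authentication(string un, string pw)
    {
        // Cookie sub-values may be missing; a null credential can never match.
        if (un == null || pw == null)
        {
            return false;
        }

        try
        {
            // Both values are attacker-controlled. DBFunctions.GetDataSetDB is called
            // here with a SQL string only, so quotes are doubled as a stop-gap.
            // NOTE(review): replace with a parameterized query once the data layer
            // offers one; quote doubling assumes the backend has no other escape
            // character inside string literals - confirm for the database in use.
            // NOTE(review): the password is compared directly against the stored
            // column, which suggests it is stored unhashed - confirm and migrate to
            // a salted password hash.
            string safeUser = un.Replace("'", "''");
            string safePassword = pw.Replace("'", "''");
            string sql = "select user00_id0000, user00_name00 from user00 where user00_name00 = '" + safeUser + "' and user00_passwo = '" + safePassword + "'";
            DataSet userSet = DBFunctions.GetDataSetDB(sql);

            // TODO: login audit log goes here (record success/failure, never the password).
            if (userSet.Tables[0].Rows.Count == 1)
            {
                Session["uid"] = userSet.Tables[0].Rows[0]["user00_id0000"];
                Session["uname"] = userSet.Tables[0].Rows[0]["user00_name00"];
                return true;
            }

            return false;
        }
        catch (Exception ex)
        {
            // Keep database error text out of the page: it discloses query details
            // and Label.Text is rendered without HTML encoding. Record it server-side.
            System.Diagnostics.Trace.TraceError("Login query failed: " + ex.GetType().FullName + ": " + ex.Message);
            lblError.Text = "Login failed!";
            return false;
        }
    }
}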